Zope : Security Vulnerabilities, CVEs, Published In 2001
Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags.
Max CVSS
7.5
EPSS Score
1.34%
Published
2001-10-10
Updated
2008-09-10
Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags.
Max CVSS
7.5
EPSS Score
0.37%
Published
2001-10-10
Updated
2017-10-10
Digital Creations Zope 2.3.1 b1 and earlier contains a problem in the method return values related to the classes (1) ObjectManager, (2) PropertyManager, and (3) PropertySheet.
Max CVSS
2.1
EPSS Score
0.05%
Published
2001-08-22
Updated
2008-09-05
Digital Creations Zope 2.3.1 b1 and earlier allows a local attacker (Zope user) with through-the-web scripting capabilities to alter ZClasses class attributes.
Max CVSS
2.1
EPSS Score
0.04%
Published
2001-08-22
Updated
2008-09-05
Digital Creations Zope 2.3.2 and earlier allows a local attacker to gain additional privileges via the changing of ZClass permission mappings for objects and methods in the ZClass.
Max CVSS
4.6
EPSS Score
0.04%
Published
2001-08-14
Updated
2017-10-10
Zope before 2.2.4 does not properly compute local roles, which could allow users to bypass specified access restrictions and gain privileges.
Max CVSS
7.2
EPSS Score
0.06%
Published
2001-03-12
Updated
2017-10-10
6 vulnerabilities found